Question about SVN over WebDAV security


#1

Hello friends,

After reading a lot about different methods of Subversion access, I
still don’t understand if it’s possible to have HTTPS access (meaning
Apache+WebDAV) access to the repository, but in a way that would require
each client to have installed a certificate on their machine…

My goal is to have this kind of security - I know how to do that with
svn+ssh, but I think I need web access, because I want to install TRAC
as well… even if I wouldn’t explicitly need HTTP access to the repo,
TRAC would still show the source, protected with just a password (and
not certificate on the client machine).

Any thoughts on this?

Thank you very much!
david


#2

On Jul 28, 8:57 am, “D. Krmpotic” removed_email_address@domain.invalid
wrote:

After reading a lot about different methods of Subversion access, I
still don’t understand if it’s possible to have HTTPS access (meaning
Apache+WebDAV) access to the repository, but in a way that would require
each client to have installed a certificate on their machine…

I believe it is possible to set up SSL through Apache in such a way
that it requires a client certificate to connect, but I’m not 100%
sure. At any rate, Apache is definitely the layer at which this would
be handled, regardless of whether you were serving a subversion
repository or just a static website. If no one else here has a quick
answer for you, I’d recommend digging through the Apache documentation
and perhaps asking on an Apache-specific group.


Regards,

John W.


#3

Thank you for the tip!

One of the reasons I was asking here is to see if anyone else is doing
something like that… I don’t want to do something out of the ordinary.
If I decide to do it, I’ll definitely ask in some Apache group.

So what is everyone using? Repository protected with a regular password
(over https)? Is that secure enough?

thank you1

david

John W. wrote:

On Jul 28, 8:57 am, “D. Krmpotic” removed_email_address@domain.invalid
wrote:

After reading a lot about different methods of Subversion access, I
still don’t understand if it’s possible to have HTTPS access (meaning
Apache+WebDAV) access to the repository, but in a way that would require
each client to have installed a certificate on their machine…

I believe it is possible to set up SSL through Apache in such a way
that it requires a client certificate to connect, but I’m not 100%
sure. At any rate, Apache is definitely the layer at which this would
be handled, regardless of whether you were serving a subversion
repository or just a static website. If no one else here has a quick
answer for you, I’d recommend digging through the Apache documentation
and perhaps asking on an Apache-specific group.


Regards,

John W.